Access to the Visa Information System (VIS) by the national authorities and Europol

This Decision complements the VIS Regulation by establishing a legal base that enables the designated authorities in EU countries that are members of the Schengen area and Europol to access the Visa Information System (VIS). The purpose of granting access is to allow them to prevent and detect criminal offences, particularly terrorist offences, more effectively.

ACT

Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

SUMMARY

The designated national authorities responsible for the prevention, detection or investigation of terrorist or other serious criminal offences and Europol officials are authorised to access VIS data.

Access by the national authorities

The operating units within the designated national authorities may access VIS data through central access points assigned by EU countries. Access to the data is applied for on a case-by-case basis with reasoned written or electronic requests. The requests are verified and processed by the central access points prior to querying the VIS. They transfer the data obtained from the query to the operation units. Only in urgent cases may the requests be submitted in written, electronic or oral form, with the verifications carried out ex-post.

The authorities designated by EU countries are authorised to consult the VIS within the limits of their powers, provided that:

it is necessary for the purpose of investigating, preventing or detecting serious criminal offences;

it is necessary due to a specific case;

there are reasonable grounds for believing that the consultation will contribute to the prevention, detection or investigation of a serious criminal offence.

VIS data, which may be used for the search, are limited to:

surname, surname at birth, first names, sex and date, place and country of birth;

current nationality and nationality at birth of the visa applicant;

type and number of the travel document, the authority that issued it and the date of issue and expiry;

main destination and duration of the intended stay;

purpose of travel, and intended date of arrival and departure;

intended border of first entry or transit route;

residence;

fingerprints;

type of visa and number of the visa sticker;

details of the person that has either issued an invitation for the visa applicant or is liable for the applicant’s subsistence costs during his/her stay.

If the search with any of the above data is successful, the authorities may in addition access other data. This includes any other data on the visa application, photographs and any supplementary information added onto the application when the visa was issued, refused, annulled, revoked or extended.

Access by Europol

Access to the VIS for consultation by Europol takes place within the limits of that agency’s mandate.

The officials of a specialist unit designated by Europol act as the central access point authorised to consult the VIS.

Processing of information obtained by Europol via the VIS is subject to the consent of the EU country that entered the data in question.

Council Decision 2013/392/EU set 1 September 2013 as the date of effect of Decision 2008/633/JHA concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences.

This follows the entry into force of Regulation (EU) 767/2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay visas (VIS Regulation).

Europol by virtue of the Europol Decision and the rules adopted for its implementation, under the supervision of the independent joint supervisory body.

Only in urgent cases, and for the purpose of preventing and detecting terrorist and other serious offences, may personal data be transferred to non-EUcountries or to international organisations. However, in such cases, the consent of the EU country that entered the data into the VIS must be obtained.

EU countries are responsible for adopting security measures to guarantee data security during transmission and retrieval. Similarly, they must take measures that provide for administrative and criminal penalties if the use of VIS data breaches this Decision.

VIS data may be kept in national files only in individual cases and only for the duration necessitated by that particular case.

Each EU country and Europol must keep records of all data processing operations so that checks can be made to ensure that operations are lawful. These records must be deleted 1 year after the expiry of the retention period referred to in Regulation (EC) No 767/2008.

Costs

Each EU country and Europol is to set up and maintain, at their expense, the technical infrastructure necessary to implement this Decision. They are also to bear the costs of accessing the VIS.

Monitoring and evaluation

2 years after the VIS starts operating, and every 2 years thereafter, the Management Authority referred to in Regulation (EC) No 767/2008 must submit to the European Parliament, the Council and the Commission a report on the technical aspects of its operations.

3 years after the VIS starts operating, and every 4 years thereafter, the Commission must produce an overall evaluation of the system.

Background

The VIS, which allows EU countries to exchange visa data, was established by Council Decision 2004/512/EC of 8 June 2004. It not only contributes to the implementation of the common visa policy, but also to the Union’s internal security and especially to the fight against terrorism.

On 7 March 2005, the Council adopted conclusions stating that the authorities of the EU countries responsible for internal security should be guaranteed access to the VIS in order to achieve fully the aim of improving internal security and the fight against terrorism.

This Decision follows from these conclusions. It builds on the bridging clause contained in Article 3 of Regulation (EC) No 767/2008 on the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) by establishing the legal basis for the national authorities’ and Europol’s access to the VIS.

Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218 of 13.8.2008).